Note: if you tried installing older version of Shrew VPN (e.g. alpha version), and you keep getting blue screen, I recommend doing System Restore to get rid of it (it might also affect other programs you installed after Shrew VPN). Otherwise it's very difficult to stop BSODs.

I published the NCP-e VPN configuration tutorial not so long ago, which was the first 64bit IPSec VPN client that worked for me, it's not free (probably that's why), most other clients gave me blue screens while installing drivers. But now it seems, as we are getting closer to Windows 7 64bit release date, there soon be a choice of even free IPSec VPN clients working on 64bit Windows 7. It's for you to decide whether you want a commercial VPN client with more support and extra features or just a free VPN client. I only intend to publish my personal experience when testing them. Now it's time for Shrew VPN client, which only recently (3rd of Sept) released it's RC3 version, that worked on my computer.

Installation:

After downloading the 2.1.5(rc3) version of Shrew VPN, start installing it, a message or two maybe pop-up asking to confirm driver installation, which may hide behind the installation window (press ALT+TAB if your installation doesn't seem to be doing much to check if it's hiding somewhere), click yes (install) to it. Update: version 2.1.5 is no longer in beta or RC version, so you can download the stable 2.1.5 version of 05 Dec 2009 (or newer betas if you fancy testing new releases).

Configuration:

If you have a .pcf file from your older CISCO VPN client, then open Shrew Soft VPN, go to File>Import>Select .pcf file extension from the filter>Select your file>click open. Try connecting now, if it works then great (it didn't for me at this point). If it doesn't then click Modify>select "client" tab>Navigate to NAT traversal>Select "force-rfc" Update: force rfc is probably not required in most configurations, only in very particular cases. If it's still not connecting, check the configuration as described below.

If you don't have a configuration file from your old Cisco client, then make sure that you have these common settings:

IPSec gateway (e.g. vpn.blahblah.com or 129.123.000.000)

IPSec ID, also known as group ID (usually just a word)

IPSec secret. also known as group password (also a word)

remote access personal username (xauth username)

remote access personal password (xauth password)

(and maybe other advanced settings as well, if you were given those)

1) First add a new connection profile, by clicking ADD button, you will see General VPN settings tab, enter your IPSec gateway in "Host Name or IP address" field (and port settings if you were given them).

2)Navigate to client tab, and select force-rfc under NAT traversal (leave other settings on default, unless you were given different ones). (see the first image for the screenshot). Update: this is probably not required for most connection types

3) Navigate to Name Resolution tab, and leave all automatic settings (unless you were given specific WINS, DNS servers etc.., but try automatic first).

4) Navigate to Authentication tab, select Mutual PSK+Xauth under Authentication method (if you method of authentication is IPSec group ID and pre-shared key, select a different one if you are using a certificate, etc..).

Navigate to Local Identity sub-tab, select Key Identifier under Identification Type and enter your IPSec group ID in the "Key ID String" field.

Navigate to Remote Identity sub-tab and leave it on Any Identification type.

Navigate to Credentials sub-tab and enter your IPSec Group Password in "Pre Shared Key" field. If you are using a certificate as your authentication method then select your certificate in this tab.

5) Phase 1tab, Phase 2tab and Policy tab usually don't need any changes, unless you were given particular settings that you need to enter, like main exchange type if you are using a certificate, encryption algorithms supported by your server, PFS exchange, etc ..

Click save, and then in the main program windows click connect. You will be asked for your Xauth username and password. Enter them and if your connection is successful, you can check your IP address on www.whatismyipaddress.com .

There are also two things that I recommend, go to File>Preferences>Tick Minimize when connection succeeds and Tick remember the connection username. And select Visible in system tray only for both drop-down lists, because it's very annoying to see those two windows in taskbar all the time.

Main VPN window (aka Access Manager can be closed now , or minimized if you want it to stay in system tray, it allows you to edit VPN connections, but otherwise is not needed to be open).
And I have not found a way to remember Xauth password yet, you'll have to enter it everytime you want to connect to your vpn.

That's it!
If you need any help or think something in this tutorial is wrong or misleading, leave a comment or contact me via message box on the right =>
Sign up for updates from this blog as well!! there will be more interesting STUFF!

Useful Tip:

To run Shrew VPN automatically or from command line (or remember password), create a text file in Notepad and add this line:

Excellent! Thanks for confirming that it works. I had exactly the same problem with 2.1.4, and I also had to use Windows System restore to get rid of it. It must be a common problem for vpn clients. But they seem to be improving :)

I installed Shrew client on Windows Serves 2008 R2 64-bit, it connects and the tunnel is enabled. Computer is gotten IP address, route is established but... I can not ping computers behind firewall. I have no clue what seems to be the problem. Any idea? It must be something wrong with route.

There are many reports about pinging problems all over the internet, and in particular that everything works on 32bit systems and not on 64bit system, I am not sure what causes this problem, but I found this response on thegreenbow website :

* Check Phase 2 settings : VPN client address and Remote LAN address. Usually, client IP address should not belong to the remote LAN subnet (read also What must be filled in Phase 2 field "VPN client address" ?)* Once tunnel is up, packets are sent with ESP protocol. This protocol can be blocked by firewall. Check that every device between the client and the VPN server does accept ESP* Check your VPN server logs. Packets can be dropped by one of its firewall rules.* Check your ISP support ESP* If you still cannot ping, follow ICMP traffic on VPN server LAN interface and on LAN computer interface (with Ethereal for example). You will have an indication that encryption works.* Check the “default gateway” value in VPN Server LAN. A target on your remote LAN can receive pings but does not answer because there is not “Default gateway” settings.* You cannot access to the computers in the LAN by their name. You must have specified their IP address inside the LAN.

Also, these steps on experts-exchange.com:

When you get the tunnel up and running but no traffic passes this is usually a problem with either NAT0 or NAT-T.

Great tutorial and some good user feedback here. Re: the ping issues with a firewall, is this an overlapping subnet issue? I see this all the time connecting into VPN's from hotels (some companies too, but rarer).

I know this is a frustration with a lot of clients out there now. Last I heard, NCP's Windows client has overcome this issue (some tech mojo they haven't made public).

Dear Happy Hippo:Thanks a ton.. Used the 2.1.5 RC3, imported my cisco pcf and lo! Back to Work.. ! Took me 5 minutes..

Only additional message I got was, soon after the installation finished, Vista brought up a pop-up of "Compatibility Manager" or some sort and it warned me that "this program may not have installed correctly" (even though the installer finished properly and I clicked its "finish" button to gracefully quit)..It gave me two options:1. (Re) Install using recommended settings (whatever that meant)2. Its fine.. This program installed correctly.

Great blog! Unfortunately I still have some problems. I have installed Shrew Soft VPN and a connection was established right away. However, when connected through VPN, my connection with the internet is lost and I cannot make connection with the network of my work. I had the same problem with NCP. Guess it must be something with the settings of my computer? Any suggestions? I am not really into computer things, but I really do need a working vpn-connections. So, hopefully, someone can help!

I still have problems with Windows Server 2008 R2, 64-bit. Where should I write "crypto isakmp nat-traversal 20". Probably in Cisco VPN server? The problem is that I'm not the administrator of VPN server :( I forgot to mention in my previous post on 13 september post that NCP 9.12 build 84 is working fine, but it is not free :(

Just trying to get up and running with Windows 7, 64-bit, with known good existing *.pcf files from three of the major sites we support. I get a "negotiation timeout" on all three sites. I've included a copy of the log in the Connect dialog. Any help would be appreciated.

Have you checked all the other settings manually? (Indicated on the screenshots) Sometimes more settings are needed to make it work. In particular check : NAT Traversal setting in Client tab (because my connection didn't work until I set this to force-rfc)

Just tested the latest RC. 2.1.5-rc-4 on my Win 7 64 bit computer, importing my Cisco VPN client profile file.I manage to get conneted but the security association fails continously. Do you have any idea why and how to troubleshoot it?

I have installed 2.1.5 rc4 on my Vista 64bit HP laptop. Once I have connected to my company VPN, my internet connection is being dropped. So, there is no way to either browse internet or remote desktop to my workstation at office. I have no such problem when using NCP secure client when setting DPD response to OFF (however, this is not free, I just tried the trial version).

I downloaded 2.1.5rc4 on win7 home premium and imported the PCF file from a working cisco vpn. I have the username and password for the working vpn and made sure they appear in the pcf file. I changed the nat to force rfc as suggested.

Still get negotiation timeout. Any ideas or a way to increase the connect timeout?

I too have the same timeout issue described above (during the "bringing up tunnel..." message). The company I work for uses a user-assigned "grid" of values for a second validation. Could this have something to do with the problem? I've actually gotten VPNC to work in Linux, but it didn't work in Windows.

Oh, btw, I found this comment on the Shrew Soft web site about Cisco. It may, or may not, have something to do with secondary authentication:

Known IssuesCisco gateways support a proprietary form of hybrid authentication which does not conform to RFC draft standards. At this time the Shrew Soft VPN Client does not support this authentication mode. We hope to add support for this in the future

It appears that some people are able to use this by doing changing the NAT Traversal to force-rfc, but this is not working for other (me included) I started from a working .pcf file. Is it possible that the type of firewall you are trying to connect to is an issue here? We have a basic Cisco PIX 501 on the other end. Are the people who have successfully connected using something more elaborate?

I'm just trying to troubleshoot what may be the difference.thanks,Joel

I honestly do not have that information. I'm the "pioneer" here trying to get the Cisco VPN Client to work in a 64bit environment (unsuccessfully atm). It "may" have something to do with the secondary authentication. It's a grid of columns and rows (kind of like a battleship board). After a successful authentication, a prompt is displayed by the Cisco client that gives you a few row-column combinations. You are to enter the letter or number in each cell to finish the authentication process. However, that never happens and I'm wondering if it's because of the above comment from Shrewsoft. As I said, at one point in time I was actually able to VPN using Linux and vpnc, but I've sense had to make my main machine Windows simply because of the company's software requirements.

I installed 2.1.5-rc-4 last night and it came right up! With the exception of not being able to get outside internet (internal works fine), all of my applications worked better than expected including Remote Desktop. Will be checking local firewall settings to see if that helps internet connections. Thanks for all of the inputs

Has anyone been able to retain internet connectivity on the local machine once connected to the VPN? Shrewsoft worked right out of the box to connect to my VPN (I was so happy I donated to them immediately) but it is a little frustrating to lose internet connectivity once connected. Cisco's VPN on my 32 bit machine does not do this. Any tips out there? I tried posting to their mailing list but got no response.

Anyone know how to get Shrew client to change the "Application version"?

This can be the cause of some disconnects (I know it is mine), since the VPN Server is configured to use firewall with windows cients. If I could add something like "Application version Cisco Systems VPN Client 4.8.00 (0490) Linux" like you can do for vpnc, this would probably solve all of my Shrew Issues.

I have 2.1.5-rc-4 installed on my laptop and I'm able to VPN into work without a problem. What seems to be happening now is that my wireless connection can't connect to the internet unless the network cable is connected. If I uninstall ShrewSoft my wireless connection works fine.

Is anyone else having this problem or have any idea what might be causing it? Thanks...

I also had the negotiation timeout error. Both with Shrew 2.1.5 stable and 2.20 Alpha against a Citrix gateway.

However NCP Secure Entry Client works for me on Win 2008 64-bit, even though it is not supported on Windows 2008. I disabled the following two services in order to make NCP work: IKE and AuthIP IPsec Keying Modules [servicename: IKEEXT], IPsec Policy Agent [servicename: PolicyAgent]).

I've had a partial success getting Shrew 2.1.5 VPN clinet and VMware to work together.What doesn't work for me is DNS from the VMs. Shrew seems either to be filtering or incorrectly forwarding DNS requests from the VM adapters.I've isolated this to the 'Shrew Soft Lightweight Filter' which if disabled, restores the VMs DNS. Unfortunatly, it also stops the establishment of VPNs :-(I suspect that this may require a change to the above filter code to properly interoperate with the VM adapters but maybe I've missed a setup change.This has been found on Win7 professional with 2.1.5 of Shrew vpn client.Any further suggestions welcome.Regards,Ian

Regarding VMware DNS interaction:Disabling the 'ShrewSoft DNS Proxy Daemon' service restores DNS access for the VMs. This only disables the split DNS capability which I can live for the time being.\Ian

I have installed NCP secure client 9.20 in my Windows 7 64 Bit and its working fine (30 Day trial is annoying me). I installed the various versions of SHREW Soft VPN but all the Shrew VPN Connecting successfully but I am unable to ping any LAN Servers. Do i need to uninstall NCP before installing Shrew VPN. Please advise.

I am trying to install SS on Win 7 Ultimate 64-bit and I get 2 errors while installing the drivers:1: Error 0x1: Couldn't get an interface pointer to vflt. Possible cause: Inforrect function.I click OK and get the second error2: could not install the network component.

I got this with 2.1.4, then 2.1.6, and finally 2.2.0 (alpha). I tried running the installer as Administrator still no juice.

Any ideas?

Also how does one completely remove all SS bits (drivers in system folder) in addition to the uninstall app?

Syd, sound like something is wrong either with your windows, or some program is interfering with Shrew VPN. To remove it , try system restore (it will also remove all programs you installed since your chosen restore point).Try running run command and entering: sfc /scannowAlthough vflt from googling seems to be some language system or something, so it well may be shrew VPn was incorrectly installed. Try uninstalling it, and going to Control panel and checking your language and regional settings. Set them to English.Good Luck

Then it's ok, but it's unreadable or empty then it must be corrupted. If it is readable, try to manually configure Shrew VPN (but you must know your Username and password and Group ID and Group password, if you don't know that , it is possible to decode them from Cisco pcf file, but I don't know how to be honest).Good luck

Hello, After trying a number of different versions of the Cisco VPN Client and having too many BSOD’s that crashed my PC, I am now trying the Shrew VPN Software. I’m using version 2.1.5. I’m running Windows Vista SP2. I installed the software successfully and was able to import my Cisco PCF file. I can connect to my client’s network initially. The problem I’m having is that I can’t keep the connection. Usually within a minute, I lose the connection. I’ve played around with almost all combinations of the options on the “Client” tab. I’m close but… I switched from my wireless connection to a wired connection on my home network to eliminate any issues with the wireless connection. Can anyone suggest any changes that may work?

meeboguest455824 (who left a message about running VPN before logging to windows)Ж I don't really know if you can do it, you can probably write a script that will run when you login to windows, execute shrew VPN/or connect Shrew VPN, and remap your network drives and stuff.. But for that Shrew must have command line interface, but I don't know if it has that. You may need to contact Shrew Soft directly and ask if they have that feature. http://www.shrew.net/contact

I, like a couple of others posting here, had great success in installing Shrew, importing the Cisco configuration (PCF) and getting it connect to our Cisco VPN COncentrator. However, lost internet connectivity on the local PC and didn't get it back even after disconnecting from the VPN. I finally had to uninstall Shrew and reboot my home PC to get it back.

Since all of our new laptops are coming with Windows 7, I need to be able to set them up with a VPN client that works with both the OS and our VPN Concentrator. Being a member of a small IT team working for a small company, I don't have the time to spend hours troubleshooting this issue, so if someone else that has experienced this problem has a solution, I'd greatly appreciate you sharing. Thanks!

On Win7 x64 under 2.1.5 release, Shrew has connected to the majority of my PCF files I was utilizing.

However, connections to Cisco's VPN (the company itself, which I assume uses their own top-of-the-line VPN gateway products) was failing after initial successful connection. I was immediately getting "session terminated by gateway" as detailed here. The timing pointed to a Phase2 issue but switching the Phase2 PFS setting did nothing.

Upgraded to 2.1.6-beta-3 release, and switched off Client | Enable Dead Peer Detection, and it is now is connecting fine.

Connections to Cisco's VPN was failing after initial successful connection. I was immediately getting "session terminated by gateway" as detailed here. Upgraded to 2.1.6-beta-3 release, and switched off Client | Enable Dead Peer Detection, and it is now is connecting fine.

I am not sure if the "Enable Dead Peer Detection" step is required but the upgrade to 2.1.6 made the difference.

Reading several articles on the web reached here and uninstalled NCP to try Shrew again.V.2.2.9 was messing my network driver and loose connection.V.2.1.5 installed again and finally I connected by changing the NAT-T to force-rfc.But no party!!! :-(

Even though the connection and IPs seem to be OK no ping to the e-mail server and no traffic.

Any ideas? I read somewhere that this might be a problem with the ISP but I took my laptop to a friends house with different ISP and no luck again.

Hi, regarding the last post, a quick google search for "NO_PROPOSAL_CHOSEN" resulted in this:

It means that the phase 2 settings do not match properly between the tworouters. So your subnet definitions may be wrong. Perhaps you put thelocal address in the remote address field or something like that.

Things you normally see as part of phase 2 settings:encapsulation type, ESP encryption transform, ESP authenticationtransform, perfect forward secrecy, local and remote ip settings. Don'tworry about key lifetime settings for now, they will not cause a phase 2failure yet. source: http://www.tomshardware.com/forum/17710-42-no_proposal_chosen

So basically it says to check your phase 2 settings, but I'm not sure what exactly went wrong.

Oh, and also, turn off Dear Peer detection (DPD) a lot of people said it terminates the connection sometimes, and Force-rfc on Shrew and UDP Encapsulation on NCP, as NCP-e VPN support suggested it is not needed in 99% of cases.

If you're using Windows 7 64 bit, and having problems getting/staying connected with the VPN client and getting the "session terminated by gateway" error, *and* you have tried changing the phase 2 options with no success....

If you have a 3rd party firewall product try *uninstalling* your 3rd party firewall. (Do not merely disable your firewall, but uninstall it (and use the Windows firewall)). I found Kaspersky Internet Security's firewall was preventing the VPN client from working. No firewall settings, or even disabling the firewall had any effect. I needed to uninstall it to make things work.

I like many of you have been having a problem with SS v2.1.5 where I am able to connect but not able to connect to the internet, or in my case, also not able to use Outlook and connect to my Exchange server. I was able to do everything else I needed to do like use RDP and connect to file shares.

After installing SS, I imported my Cisco VPN Client .pcf file expecting everything to work only to find my previously mentioned issues. I then tried the NCP Secure Entry Client and imported my .pcf and had none of the issues mentioned.

This led me to believe that is must be a SS configuration problem and not a .pcf or in my case a Cisco ASA issue.

What i ended up doing to fix my issues with SS is to go to in to the Name Resolution tab and uncheck the Enable Split DNS box.

i did not have to change the NAT Traversal or Enable Dead Peer Detection options.

First, a couple of things I do know about connecting to e.g. PIX515!1)It is normal behaviour to lose local access to networks/printers/internet while the VPN is up - you need to set up "split tunnelling" on the PIX.2)You should remove all previous VPN client software before installing Shrew (it does mention this on their website) I got BSDODs on Win7 pro 64bit due to leaving AnyConnect on.

Now where I am stuck!Shrew connects fine, but no ping to PIX inside, from both 32 and 64 bit.Both show "tunnel enabled", PIX ASDM syslog shows ...PHASE-2 COMPLETED etc (exactly the same as a Cisco client).Wireshark is showing "who has 192.168.12.2?" - it looks as if there is no gateway set up in the Shrew client - any ideas please?

Run repair of KIS on several other 32 and 64 bit Win7 machines - all now work.

I can see no difference in the firewall settings for KIS between working and non-working systems When KIS is installed before Shrew, disabling KIS completely still does not work.I have never seen any problems with the Cisco VPN on any 32 bit system, XP, Vista or Win7 with any Security Software - so I was not considering this sort of outcome!

Policy has 192.168.1.0/255.255.255.0 which allows both access through PIX and external. 0.0.0.0/0.0.0.0 cuts off external as it routes everything into the tunnel. Otherwise the only changes to default are for Host and Authentication.

I hope that these six days have been useful to others here! They have not made me any money, but will make my customers a lot happier - they will be advised to donate!Best regards to all, Dave

I had the same issue as you. I removed Sun Virtual Box and Windows XP emulation mode and was then able to install the software package with out errors. Not sure what you have loaded before but but may have a driver from some other app trying to access the same settings? Try unistalling apps that are network accessible?

However I did discover that if I immediately use the vpn tunnel I still get the error in the log but it doesnt disconnect. So i setup a continuous ping to a target on other end of tunnel then connect. It connects fine ping gets through then phase 2 completes. If i then stop ping and leave tunnel idle it stays up and is stable.

Hope this helps someone else :).Or maybe someone might suggest a configuration change that would mean i do not need the traffic to pass phase 2.

Looks like CISCO is about to offer official support. Found this on a different place.**********************

Due to popular demand, the Cisco VPN Client v5.0.7 open beta is now available! In addition to serving as a general maintenance release, the Cisco VPN Client 5.0.7 beta is compatible with Windows 7 & Windows Vista 64-bit environments. A 64-bit specific compatible image is available for installation on these platforms.

Key Capabilities available for Beta Testing: New Platform support – Windows 7 & Windows Vista 64-bit platform compatibility Software Access: http://tools.cisco.com/support/downloads/go/Redirect.x?m dfid=281940730 (under 5.BETA) Software is available for download by any customer with a Cisco.com SMARTnet™ enabled login. Release Notes will be available next week via a link once the download image is selected.

There are currently no plans to support Windows XP 64 bit in the VPN client.

THANK YOU! i spent hours trying to figure out why all over sudden my shrew vpn connection did not work on win 64bit after I did not use it for a few month. the force option you described made it work again, you saved my day!

Thanks man! I finally got 2 out of 3 of my VPN's working on my Vista 64bit system with Shrew and your explanation.The third is a problem, because it uses Certificate Authentication with a USB-token with a password. Does anyone knows how I should configure this in Shrew.In the Cisco VPN client I get a combobox where I can select a certificate, but in Shrew I see no such thing....?

I had issues VPN connections on Wireless network with WIN7 64 bit. VPN used to work on wireless, but not anymore.

Here is the solution:

go to control panel/network and internet/network connections/

Disable "Microsoft Virtual WiFi Miniport Adapter" in the list of and you will be able to connect VPN via wirelss. I think this was automatically installed by Microsoft update process recently when my VPN via wireless stopped working.

the error is 0x8004a029, which basically indicates that the maximum number of network filter drivers has been reached.Could you uninstall any other network filter driver that you think is not necessary and try reinstalling again?

" Anonymous said...I had issues VPN connections on Wireless network with WIN7 64 bit. VPN used to work on wireless, but not anymore.

Here is the solution:

go to control panel/network and internet/network connections/

Disable "Microsoft Virtual WiFi Miniport Adapter" in the list of and you will be able to connect VPN via wirelss. I think this was automatically installed by Microsoft update process recently when my VPN via wireless stopped working.

18 March 2010 07:08"

Thank you so much. Disable "Microsoft Virtual WiFi Miniport Adapter" its really really work on me.

Thanks a lot for taking time and writing this article. Also many thanks to person who posted "If you can connect to your host but cannot send any traffic, try the 2.2 Alpha 9 Version, it worked fine for me and many others."

Finally after 2-3 hrs of hard work, I figured out this article and after working for almost 2 hrs could get this beast running. I think investing 5 hrs is worth then spending $$ for the other commercial software.

In response to Happy Hippo regarding disabling firewalls (Jan 19,2010), I found that the only way for me to get rid of the "session terminated by gateway" issue was to disable my Windows 7 (64 bits) firewall (even if the check is on, Windows firewall issues no warning that it has blocked anything).Once the firewall disabled, tunnel remains stable over my wireless Cisco broadband home router/gateway.Setting phase-2 PFS=2 was also required but insufficient. I have now installed Shrew version 2.1.7 beta but I still have to disable the Windows firewall. Is there a work around to this? After reading many forums, I seem to be the only one in this situation...

I installed version 2.1.6 on Windows 7. I am able to establish a tunnel, but within less than 30 seconds it drops the tunnel with the error "detached from key daemon". During that 30 seconds that it is up, I can run ipconfig and see that I get an IP from the remote location. I have another system with Windows 7 at a different location using exactly the same settings (we imported the .pcf file from cisco vpn). He has no problem with his connection. Any suggestions> Thanks.

I installed 2.1.7 on Win7 x64. When trying to connect I was always getting bringing up tunnel negotiation timeout occurred. Tried all suggestions from earlier posts with no success. I was forced to use XP mode to be able to use SS client. It connected without any issues from the XXP mode but the same settings fail in win7. After quite a few days of research, one of the things I retried disabling Microsoft Virtual WiFi Miniport Adapter in network connections with failure again. I found a clue monitoring network activity and found no activity when trying to connect. I returned to MS WiFi Miniport Adapter settings, properties and unchecked SS light weight filter but left MS WiFi Miniport Adapter enabled (status was not connected) and connected right away. Hope this helps.

after some time of trying some of the above solutions for "negotiation timout occurred" message i finaly was able to connect after i restarted the 3 services which screwsoft uses. i started the trace utility and hit restart on all 3 first tabs. after that connection was made without problems. i am using scresoft 2.1.5 btw. hope this helps some others with this problem.

I am very pleased to have come across this thread as I have not managed to get Cisco VPN Client to work on my Win7 64 bit. Trying Shrew did also cause some problems, as I got connected, but no traffic. Then I found a note about trying 2.2 Alpha 9, and now everything works perfect.

Hi,I'm trying to connect via VPN to SAP using Shrew (I have windows 7 64 bit on a Sony Vaio notebook) and I got the connection ("tunnel enabled") but unfortunately I cannot reach SAP as I wasn't connect to VPN. I enabled the AVG firewall when they asked to me about it. I cannot understand why.Thanks in advance and regards.

Looking for help.I installed ver 2.1.7 on my Windows 7 64 bit laptop. Import of profiles works fine. Those VPN connections I had that prompted me for user and password works fine. The ones that did not, do not. It prompts me for credentials which I never had in first place for these connections (I'm not talking about the required group authentication. How do it get this new client to process the profile connection as before, not require credentials.Thanks, Bill

Regarding the timeout issue on Win7 64-bit, go to Device Manager under Network adapters, then disable the following adapter: Microsoft Virtual WiFi Miniport adapter. I got the hint from this link: http://comments.gmane.org/gmane.network.vpn.shrew.user/322

"Regarding the timeout issue on Win7 64-bit, go to Device Manager under Network adapters, then disable the following adapter: Microsoft Virtual WiFi Miniport adapter. I got the hint from this link: http://comments.gmane.org/gmane.network.vpn.shrew.user/322"

Thanks! I was chasing the networks and realized after reading your post I was using wireless when having this issue. You Rock!

he error is 0x8004a029, which basically indicates that the maximum number of network filter drivers has been reached.Could you uninstall any other network filter driver that you think is not necessary and try reinstalling again?

I installed the latest version of Shrew on Win 7 64-bit and imported my PCF file from Cisco VPN client. I am able to connect to the VPN, and I can ping all of our workstations and servers, but am not able to remote desktop or SSH into any of them.

I noticed someone else seemed to have this problem, and they said they solved it because their gateway was set to 0.0.0.0.

Mine has that exact problem. When I go through Cisco VPN from an older XP machine, it sets the gateway to the VPN IP address of machine.

Any ideas on how people fixed this? I looked around for about 5 hours tonight so am going to take a break.

--------------------

* Check the “default gateway” value in VPN Server LAN. A target on your remote LAN can receive pings but does not answer because there is not “Default gateway” settings.

Oh well, I gave up. We have a new Palo Alto VPN that uses a java client and it's much faster. So I went with that and Windows 8.

One thing weird though about Windows 8, and Palo Alto, when I tried to use the Remote Desktop app through the tile shortcut, I couldn't get connected, but when I went through the Windows desktop and clicked on the exe, it worked just fine.

DetailI previously used a Windows 7 x86 with a Cisco VPN client 5.0.04.xxxx to enter my society's intranet.On my new Windows 7 x64 I have no VPN client furnished by my society.So I tried Shrew Software for I read good reviews about it.I imported the current PCF, tried a connection, entered the user name and password and could connect in and retrieve an IP address, but I couldn't connect to targets either on RDP or on HTTP. In fact I couldn't even nslookup anything (the DNS was out of my subnet) or ping my targets (outside, too). My ipconfig showed no default gateway but a DNS and WINS server, while the default gateway showed -at the same time and same place- on my prehistoric Windows 7 x86.

I uninstalled Shrew 2.1.7 and installed 2.2.0 beta2, deleted the existing pcf to import it again, connected entering credentials, but still no dflt gw showing in ipconfig!I tried anyway the RDP, the http, everything worked fine. Even a succesfull ping out of my subnet.So I don't know why the gw didn't show, but it appears not to be the main point.

Thanks for above posts and thanks SS!

Oh! BTW, several colleagues with W7x64 didn't experience the same problem as me and work fine with 2.1.7. No time for further investigation.